diff --git a/gosa-plugins/gofon/gofon/phoneaccount/class_phoneAccount.inc b/gosa-plugins/gofon/gofon/phoneaccount/class_phoneAccount.inc
index d55d023e496ccd62a500408d549526077bb99fee..872faefff6ddd4b96eefdd1eed5a32861be8e616 100644 (file)
{
/* Definitions */
var $plHeadline = "Phone";
- var $plDescription= "This does something";
+ var $plDescription= "Manage personal phone settings";
var $plIcon = "plugins/gofon/images/phoneAccount.png";
/* Attributes */
".$cur_cfg['VOICE_TABLE'].".password
FROM ".$cur_cfg['VOICE_TABLE'].",
".$cur_cfg['SIP_TABLE']."
- WHERE ".$cur_cfg['VOICE_TABLE'].".mailbox = ".$num."
- AND ".$cur_cfg['SIP_TABLE'].".name='".$this->uid."'";
+ WHERE ".$cur_cfg['VOICE_TABLE'].".mailbox = ".mysql_real_escape_string($num)."
+ AND ".$cur_cfg['SIP_TABLE'].".name='".mysql_real_escape_string($this->uid)."'";
$res = mysql_query($query_tmp);
$vp = mysql_fetch_assoc($res);
if(!isset($vp['context'])){
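Review bot: The escaped `$num` on the `.mailbox =` line is still concatenated without surrounding quotes, and `mysql_real_escape_string()` only protects values that end up inside a quoted SQL string, so a non-numeric `$num` can still change the statement. Either quote it like the `name` comparison on the next line, `.mailbox = '".mysql_real_escape_string($num)."'`, or reject anything that is not all digits before the query is built. The result of `mysql_query()` is also handed straight to `mysql_fetch_assoc()` without a check for `false`. The enclosing function begins and ends outside this hunk, so the origin of `$num` is not visible here.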
*/
$inno_tables = array("SIP_TABLE","EXT_TABLE","VOICE_TABLE","QUEUE_TABLE","QUEUE_MEMBER_TABLE");
foreach($inno_tables as $inno_table){
- $sql = "show table status like '".$config[$inno_table]."';";
+ $sql = "show table status like '".mysql_real_escape_string($config[$inno_table])."';";
$res = mysql_query($sql);
$vp = mysql_fetch_assoc($res);
if(!preg_match("/^InnoDB$/i",$vp['Engine'])){
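Review bot: Inside `LIKE`, `%` and `_` remain pattern characters after `mysql_real_escape_string()`, so a configured table name containing an underscore still matches other tables and `$vp` may describe the wrong one. Consider `addcslashes(mysql_real_escape_string($config[$inno_table]), '%_')`. `$res` should also be checked before `mysql_fetch_assoc($res)`, because a failed query or an empty result leaves `$vp` without an `Engine` key. The loop sits in a function whose start and end are outside the hunk.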
WARNING_DIALOG);
}
- $query = "SELECT id,name,callerid FROM ".$a_Remove['SIP_TABLE']." WHERE name='".$this->uid."';";
+ $query = "SELECT id,name,callerid FROM ".$a_Remove['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
$rid = mysql_query($query,$old_connection);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query,
"<i>Reguest callerid to be able to identify the user.</i>");
Strict disallows the addition of entries that do not match the targets field length.
*/
$query_a[]= "SET @@sql_mode = STRICT_ALL_TABLES;";
- $query_a[]= "DELETE FROM ".$a_Remove['SIP_TABLE']." WHERE name='".$this->uid."';";
- $query_a[]= "DELETE FROM ".$a_Remove['VOICE_TABLE']." WHERE customer_id='".$result['callerid']."';";
- $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".$this->uid."';";
+ $query_a[]= "DELETE FROM ".$a_Remove['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
+ $query_a[]= "DELETE FROM ".$a_Remove['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($result['callerid'])."';";
+ $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($this->uid)."';";
foreach($oldnums as $s_telenums) {
- $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".$s_telenums."';";
+ $query_a[]= "DELETE FROM ".$a_Remove['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($s_telenums)."';";
}
/* Start transaction, to be able to rollback
*/
$SQL_query_array[] = "SET @@sql_mode = STRICT_ALL_TABLES;";
- $query = "SELECT * FROM ".$a_New['SIP_TABLE']." WHERE name='".$this->uid."';\n";
+ $query = "SELECT * FROM ".$a_New['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';\n";
$rid = mysql_query($query,$new_connection);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Receive current mysql entries.");
if(mysql_affected_rows($new_connection)){
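Review bot: `mysql_real_escape_string()` is called without a link identifier while the query itself runs on `$new_connection`, so the escaping uses whichever connection was opened last rather than the one that will parse the string. Pass the link explicitly, `mysql_real_escape_string($this->uid, $new_connection)`; with no usable link the function returns `false` and the clause silently becomes `name=''`. The same applies to the earlier lookup executed on `$old_connection`, the later `callerid` and voicemail lookups on `$new_connection`, and the query run on `$r_con`. This code sits inside a method that starts and ends outside the hunk.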
if(count($sip_data_array)){
$query = "UPDATE ".$a_New['SIP_TABLE']." SET ";
foreach($sip_data_array as $key => $val){
- $query.= "".$key."='".$val."',";
+ $query.= "".$key."='".mysql_real_escape_string($val)."',";
}
$query = preg_replace("/,$/","",$query);
- $query.= " WHERE name='".$this->uid."';";
+ $query.= " WHERE name='".mysql_real_escape_string($this->uid)."';";
$SQL_query_array[] = $query;
}
} else {
*/
foreach($sip_data_array as $s_sip_key=>$s_sip_val){
if($s_sip_val === NULL) continue;
- $s_sip_values.="'".$s_sip_val."',";
+ $s_sip_values.="'".mysql_real_escape_string($s_sip_val)."',";
$s_sip_keys .="`".$s_sip_key."`,";
}
$s_sip_values = preg_replace("/,$/","",$s_sip_values);
**********************/
$customer_id = $newnums[$i_new_key];
- $query = "SELECT id,name,callerid FROM ".$a_New['SIP_TABLE']." WHERE name='".$this->uid."';";
+ $query = "SELECT id,name,callerid FROM ".$a_New['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
$rid = mysql_query($query,$new_connection);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Receive callerid");
$voice_data_array['pager'] = $this->pager;
/* Check if there is already an entry in sip_users for this uid */
- $query_tmp = "SELECT * FROM ".$a_New['VOICE_TABLE']." WHERE customer_id='".$old_customer_id."';\n";
+ $query_tmp = "SELECT * FROM ".$a_New['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($old_customer_id)."';\n";
$rid = mysql_query($query_tmp,$new_connection);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query_tmp, "Check if voicemail entry exists");
$query.= "".$key."='".$val."',";
}
$query = preg_replace("/,$/","",$query);
- $query.= " WHERE customer_id='".$old_customer_id."';";
+ $query.= " WHERE customer_id='".mysql_real_escape_string($old_customer_id)."';";
$SQL_query_array[] = $query;
}
}else{
$s_voi_values = $s_voi_keys = "";
foreach($voice_data_array as $s_voi_key=>$s_voi_val){
if($s_voi_val === NULL) continue;
- $s_voi_values.="'".$s_voi_val."',";
+ $s_voi_values.="'".mysql_real_escape_string($s_voi_val)."',";
$s_voi_keys .="`".$s_voi_key."`,";
}
$s_voi_values = preg_replace("/,$/","",$s_voi_values);
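Review bot: The unchanged line `$query.= "".$key."='".$val."',";` at the top of this hunk still concatenates `$val` raw into the `UPDATE ... WHERE customer_id=` statement, although the corresponding SIP update loop and the `INSERT` branch just below now escape their values. It should read `$query.= "".$key."='".mysql_real_escape_string($val)."',";`. The loop header is outside the hunk; judging by the `else` branch it presumably iterates `$voice_data_array`, which the context of the preceding hunk shows being filled from `$this->pager`.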
/* Initiate transaction
*/
- $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$this->uid."\";";
+ $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($this->uid)."\";";
$oldnums= array();
foreach($oldnums as $s_telenums){
- $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$s_telenums."\";";
+ $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($s_telenums)."\";";
}
foreach($newnums as $s_telenums){
- $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".$s_telenums."\";";
+ $SQL_query_array[]= "DELETE FROM ".$a_New['EXT_TABLE']." WHERE exten=\"".mysql_real_escape_string($s_telenums)."\";";
}
/**********************
$SQL_syn = preg_replace("/,$/","",$SQL_syn);
$SQL_syn .= ") VALUES (";
foreach($entr as $key2 => $val2){
- $SQL_syn .= "'".$val2."',";
+ $SQL_syn .= "'".mysql_real_escape_string($val2)."',";
}
$SQL_syn = preg_replace("/,$/","",$SQL_syn);
$SQL_syn .=");\n";
} else {
if(empty($this->uid)){
$display= $this->show_enable_header(_("Create phone account"),
- msgPool::featuresDisabled(_("Phone"),_("User uid")));
+ msgPool::featuresDisabled(_("Phone"),_("User UID")));
}else{
$display= $this->show_enable_header(_("Create phone account"),
msgPool::featuresDisabled(_("Phone")));
}
/* Assing macroselectbox values */
- $smarty->assign("macros",$this->macros);
- $smarty->assign("macro", $this->macro);
+ $smarty->assign("macros",set_post($this->macros));
+ $smarty->assign("macro", set_post($this->macro));
/* Assign contexts */
- $smarty->assign("voicemail_contexts",$this->voicemail_contexts);
- $smarty->assign("sip_contexts",$this->sip_contexts);
- $smarty->assign("context" ,$this->context);
- $smarty->assign("voice_context" ,$this->voice_context);
+ $smarty->assign("voicemail_contexts", set_post($this->voicemail_contexts));
+ $smarty->assign("sip_contexts", set_post($this->sip_contexts));
+ $smarty->assign("context" , set_post($this->context));
+ $smarty->assign("voice_context" , set_post($this->voice_context));
/* check if there is a FON server created */
if(!count($this->goFonHomeServer)){
$macrotab.= "<tr>";
switch ($type){
- case "combo":
+ case "combo":{
$str= "<select name='".$var."' ".$dis." >";
- foreach(explode(":",$default) as $choice){
- if($choosen==$choice){
- $str.= "\n<option value='".$choice."' selected>".$choice." </option>";
- }else{
- $str.= "\n<option value='".$choice."'>".$choice." </option>";
+ foreach(explode(":",$default) as $choice){
+ if($choosen==$choice){
+ $str.= "\n<option value='".$choice."' selected>".$choice." </option>";
+ }else{
+ $str.= "\n<option value='".$choice."'>".$choice." </option>";
+ }
}
+ $str.="</select>";
+ $macrotab.= "<td style='vertical-align: middle;'>".base64_decode($name)." </td><td>$str";
+ break;
}
- $str.="</select>";
- $macrotab.= "<td>".base64_decode($name)."</td><td>$str";
- break;
- case "bool":
+ case "bool":{
if(!$choosen){
$str="\n<input type='checkbox' name='".$var."' value='1' ".$dis." >";
}else{
$str="\n<input type='checkbox' name='".$var."' value='1' checked ".$dis.">";
}
- $macrotab.= "<td colspan='2'>$str ".base64_decode($name)."";
- break;
+ $macrotab.= "<td style='vertical-align: middle;'colspan='2'>$str ".base64_decode($name)."";
+ break;
+ }
- case "string":
- $str="<input name='".$var."' value='".$choosen."' ".$dis." style='width:340px;'>";
- $macrotab.= "<td>".base64_decode($name)."</td><td>$str";
- break;
+ case "string": {
+ $str="<input type='text' name='".$var."' value='".set_post($choosen)."' ".$dis." style='width:340px;'>";
+ $macrotab.= "<td style='vertical-align: middle;'>".base64_decode($name)." </td><td>$str";
+ break;
+ }
}
$macrotab.= "</td></tr>";
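Review bot: Only the `string` branch encodes its value; the `combo` branch still writes `$choice` raw into both the `value='…'` attribute and the option text, and every branch prints `base64_decode($name)` and `$var` unencoded. If macro parameter definitions can contain quote or markup characters, this output is not safe in an attribute or element context, so apply the same helper there: `$str.= "\n<option value='".set_post($choice)."'>".set_post($choice)." </option>";`, likewise for the `selected` variant and the decoded name. The `bool` cell is also missing a space in `'vertical-align: middle;'colspan='2'`. The `switch` sits in a loop whose start is outside the hunk.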
if(strlen(trim($_POST["phonenumber"])) > 20 ){
msg_dialog::display(_("Error"), msgPool::toobig("Phone number"), ERROR_DIALOG);
}elseif (tests::is_phone_nr($_POST['phonenumber'])){
- $number= trim($_POST["phonenumber"]);
+ $number= trim(get_post("phonenumber"));
$this->phoneNumbers[$number]= $number;
$this->is_modified= TRUE;
} else {
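Review bot: The length check and `tests::is_phone_nr()` still read `$_POST['phonenumber']` directly while the stored value comes from `get_post("phonenumber")`, so the value that is validated is not necessarily the value that is kept if `get_post()` transforms its input. Read it once, `$number = trim(get_post("phonenumber"));`, and run both checks on `$number`. The `macro` handling further down has the same mismatch: it compares `$_POST['macro'] != $this->macro` and then stores `get_post('macro')`. The surrounding `if` chain begins outside the hunk.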
/* Transfer ACL's */
foreach($this->attributes as $val){
if(isset($this->$val)){
- $smarty->assign($val,$this->$val);
+ $smarty->assign($val,set_post($this->$val));
}else{
$smarty->assign($val,"");
}
$tmp[$dn] = $attrs['SERVER'];
}
}
- $smarty->assign("goFonHomeServers",$tmp);
+ $smarty->assign("goFonHomeServers", set_post($tmp));
/* Fill arrays */
- $smarty->assign ("goFonHardware", $this->goFonHardware);
+ $smarty->assign ("goFonHardware", set_post($this->goFonHardware));
if (!count($this->phoneNumbers)){
$smarty->assign ("phoneNumbers", array());
} else {
- $smarty->assign ("phoneNumbers", $this->phoneNumbers);
+ $smarty->assign ("phoneNumbers", set_post($this->phoneNumbers));
}
$dis = "";
} else {
$color= "";
}
- $hl.= " <option $color label=\"$cn\" value=\"$cn\" $selected>$description </option>\n";
+ $hl.= " <option $color label=\"$cn\" value=\"".set_post($cn)."\" $selected>".$description." </option>\n";
}
$hl.= "</select>\n";
$smarty->assign ("hardware_list", $hl);
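Review bot: `value` is now encoded, but the `label=\"$cn\"` attribute in the same `<option>` still interpolates `$cn` raw, and `$description` is emitted as element text without encoding. Encode both at the point of output, e.g. `label=\"".set_post($cn)."\"` and `set_post($description)`, unless `$description` is already encoded where it is built, which is not visible here. The loop that builds `$hl` starts outside the hunk.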
/* Save context */
if(isset($_POST['context'])){
- if($this->context != $_POST['context']){
+ if($this->context != get_post('context')){
$this->is_modified= TRUE;
}
- $this->context= $_POST['context'];
+ $this->context= get_post('context');
}
/* Save voice context */
if(isset($_POST['voice_context'])){
- if($this->voice_context != $_POST['voice_context']){
+ if($this->voice_context != get_post('voice_context')){
$this->is_modified= TRUE;
}
- $this->voice_context= $_POST['voice_context'];
+ $this->voice_context= get_post('voice_context');
}
if(is_array($this->phoneNumbers)){
$backup = $this->macroarray[$this->macro][$key];
if(isset($_POST[$paras['var']])){
- $this->macroarray[$this->macro][$key]['choosen'] = $_POST[$paras['var']];
+ $this->macroarray[$this->macro][$key]['choosen'] = get_post($paras['var']);
}
/* Checkboxes are special, they are not Posted if they are not selected, so the won't be changed with the above code
}
if((strlen($this->goFonVoicemailPIN)==0)||(strlen($this->goFonVoicemailPIN)>4)){
- $message[]= msgPool::invalid(_("Voicemail PIN"),"","",_("Between 1-4 charactes"));
+ $message[]= msgPool::invalid(_("Voice mail PIN"),"","",_("Between 1-4 characters"));
}else{
if(preg_match("/[^0-9]/",$this->goFonVoicemailPIN)){
- $message[]= msgPool::invalid(_("Voicemail PIN"),preg_replace("/[0-9]/","X",$this->goFonVoicemailPIN),"/X/");
+ $message[]= msgPool::invalid(_("Voice mail PIN"),preg_replace("/[0-9]/","X",$this->goFonVoicemailPIN),"/X/");
}
}
*/
$str = $this->generate_mysql_entension_entries(true);
if(!$str){
- msg_dialog::display(_("Error"),_("An error occured while updating the database entries!") , ERROR_DIALOG);
+ msg_dialog::display(_("Error"),_("An error occurred while updating the database entries!") , ERROR_DIALOG);
}
if($this->attrs['goFonMacro']==""){
if(!$first_num){
$first_num = $s_telenums;
}
- $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".$s_telenums."';\n";
+ $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($s_telenums)."';\n";
}
- $query = "SELECT id,name,callerid FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".$this->uid."';";
+ $query = "SELECT id,name,callerid FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';";
$rid = mysql_query($query,$r_con);
@DEBUG (DEBUG_MYSQL, __LINE__, __FUNCTION__, __FILE__,$query, "Database query");
$result = mysql_fetch_assoc($rid);
/* Set mode to strict
Strict disallows the addition of entries that do not match the targets field length.
*/
- $SQL[] = "DELETE FROM ".$a_SETUP['VOICE_TABLE']." WHERE customer_id='".$callerid."';";
- $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".$this->uid."';\n";
- $SQL[] = "DELETE FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".$this->uid."';\n";
+ $SQL[] = "DELETE FROM ".$a_SETUP['VOICE_TABLE']." WHERE customer_id='".mysql_real_escape_string($callerid)."';";
+ $SQL[] = "DELETE FROM ".$a_SETUP['EXT_TABLE']." WHERE exten='".mysql_real_escape_string($this->uid)."';\n";
+ $SQL[] = "DELETE FROM ".$a_SETUP['SIP_TABLE']." WHERE name='".mysql_real_escape_string($this->uid)."';\n";
/* Start transaction, to be able to rollback
*/
foreach($this->phoneNumbers as $num){
if((isset($numbers[$num]))&&(($numbers[$num]['uid'][0]!=$this->uid))){
if(isset($numbers[$num]['uid'][0])){
- return sprintf(_("The specified telephonenumber '%s' is already assigned to '%s'."),$num,$numbers[$num]['uid'][0]);
+ return sprintf(_("The specified telephone number '%s' is already assigned to '%s'."),$num,$numbers[$num]['uid'][0]);
}else{
- return sprintf(_("The specified telephonenumber '%s' is already assigned to '%s'."),$num,$numbers[$num]['cn'][0]);
+ return sprintf(_("The specified telephone number '%s' is already assigned to '%s'."),$num,$numbers[$num]['cn'][0]);
}
}
}
if (!count($this->phoneNumbers)){
$smarty->assign ("phoneNumbers", array(""));
} else {
- $smarty->assign ("phoneNumbers", $this->phoneNumbers);
+ $smarty->assign ("phoneNumbers", set_post($this->phoneNumbers));
}
- $smarty->assign("goFonVoicemailPIN",$this->goFonVoicemailPIN);
- $smarty->assign("goFonPIN",$this->goFonPIN);
+ $smarty->assign("goFonVoicemailPIN",set_post($this->goFonVoicemailPIN));
+ $smarty->assign("goFonPIN",set_post($this->goFonPIN));
$display= $smarty->fetch(get_template_path('paste_generic.tpl', TRUE, dirname(__FILE__)));
$ret =array();
if(!$this->is_account) return;
$this->execute();
if(isset($_POST['goFonVoicemailPIN'])) {
- $this->goFonVoicemailPIN = $_POST['goFonVoicemailPIN'];
+ $this->goFonVoicemailPIN = get_post('goFonVoicemailPIN');
}
if(isset($_POST['goFonPIN'])){
- $this->goFonPIN = $_POST['goFonPIN'];
+ $this->goFonPIN = get_post('goFonPIN');
}
}
"plOptions" => array(),
- "plRequirements"=> array('ldapSchema' => array('goFonAccount' => '>=2.7')),
+ "plRequirements"=> array(
+ 'ldapSchema' => array('goFonAccount' => '>=2.7'),
+ 'onFailureDisablePlugin' => array(get_class(),'phoneAccount','phoneConferenceManagment','goFonMacro')
+ ),
"plProvidedAcls" => array(
"telephoneNumber" => _("Telephone number"),
"goFonHomeServer" => _("Home server"),
"goFonContext" => _("Phone context"),
"goFonVoiceMailContext" => _("Voice mail context"),
- "goFonPIN" => _("Telephone pin"),
- "goFonVoicemailPIN" => _("Voicemail pin"))
+ "goFonPIN" => _("Telephone PIN"),
+ "goFonVoicemailPIN" => _("Voice mail PIN"))
));
}
}
if(isset($_POST['macro']) && $_POST['macro'] != $this->macro){
- $this->macro = $_POST['macro'];
+ $this->macro = get_post('macro');
$this->is_modified =true;
}
foreach($this->macroarray[$this->macro] as $key => $paras){
$backup = $this->macroarray[$this->macro][$key];
if(isset($_POST[$paras['var']])){
- $this->macroarray[$this->macro][$key]['choosen'] = $_POST[$paras['var']];
+ $this->macroarray[$this->macro][$key]['choosen'] = get_post($paras['var']);
}
if(isset($_POST['post_success'])){
if($this->macroarray[$this->macro][$key]['type']=="bool"){
if(isset($_POST[$this->macroarray[$this->macro][$key]['var']])) {
- $this->macroarray[$this->macro][$key]['choosen']=$_POST[$paras['var']];
+ $this->macroarray[$this->macro][$key]['choosen']=get_post($paras['var']);
}else{
$this->macroarray[$this->macro][$key]['choosen']=false;
}
if(in_array("goFonVoicemailPIN",$this->multi_boxes) &&
( (strlen($this->goFonVoicemailPIN)==0)||
(strlen($this->goFonVoicemailPIN)>4))){
- $message[]=(_("Voicemail PIN must be 4 characters long!"));
+ $message[]=(_("Voice mail PIN must be 4 characters long!"));
}else{
if(preg_match("/[^0-9]/",$this->goFonVoicemailPIN) && in_array("goFonVoicemailPIN",$this->multi_boxes) ){
- $message[]=(_("Voicemail PIN contains invalid characters!"));
+ $message[]=(_("Voice mail PIN contains invalid characters!"));
}
}
if(preg_match("/[^0-9a-z]/i",$this->goFonPIN) && in_array("goFonPIN",$this->multi_boxes)){
- $message[]=(_("Phone pin contains invalid characters!"));
+ $message[]=(_("Phone PIN contains invalid characters!"));
}
/* check for ! in any parameter setting*/